The Bloomberg Scandal and SaaS. Don’t Let It Be You. Trust is Lost in a Heartbeat.

We have a no politics rule here at SaaStr. I’m not going to talk about the IRS stuff, or SAC Capital, let alone other headline topics from the right, left or center.

But one scandal really did catch my eye from a SaaS perspective. It’s the absolute disaster of what Bloomberg did with its customers’ confidential data. And it could be you.

I won’t reproduce the whole story; you can read more here. But in a nutshell, the Bloomberg terminals on every trader’s desk — for which they pay thousands of dollars a month in many cases — generate a lot of data about that user. And some of that data was not only shared across the Bloomberg reps who sold and managed the terminals, it was also made available to Bloomberg journalists. Who could then use the info to see if, for example, key employees at Goldman or any other bank had left, at a minimum (a nice story there from this very sensitive data). And one could only imagine what other data they could access about these hyper-confidential customers.

Now Bloomberg isn’t going to go out of business because of this. They’ll survive it — because their customers have no choice. They need the data and the terminals. But first, they are going to have to spend a huge amount of time, money and effort increasing and addressing their security. And more importantly — trust is lost. Trust takes years to earn, but can be lost in a heartbeat. They’ll see it at renewal time. Customers will ask for discounts in anger. And they’ll see it in upsell numbers. No one impacted is going to buy anything from Bloomberg that they don’t really need for quite a while. And they’ll see it in a general slowdown.

For you, it could be even worse. It could end your business. Because if you get maimed like this, you may not recover. Best case — it will be your Year of Hell.

And this is a real problem in SaaS. Let me give you two personal examples:

#1: A few years ago, I was recruiting an executive from a Leading SaaS company. I have to tell you, I was a little nervous about this meeting. I wanted to close him, and we were pretty tiny at the time — only about $2m in ARR. They were quite a bit bigger, and I didn’t think he’d see us as big enough. But lo and behold! Within 5 minutes of our meeting, he told me all about how great my business was trending. How did he know? He looked. He looked at our data. Because we were customers of this Leading SaaS company.

I felt sick.

#2: Another example. Again, a few years ago, I was meeting with an executive at Another Leading SaaS company. This exec told me how well another private SaaS company, one that was his customer, was doing. I agreed, but thought they weren’t doing quite as well as the press made it out. He said no — in fact, they’re doing better. He knew their exact revenues. Even higher than I’d thought.

I felt sick. Again.

Having said all that, I did continue to buy the first product, from the first Leading SaaS Company. I had no choice. But I was never loyal again. I never trusted them, and I never bought anything from them I didn’t have to.

And that second Leading SaaS Company? I never bought. I might, some day. It’s a good product. But I’ll only buy because I have to. Not out of loyalty.

So here’s my simple advice: I Know You Want More Revenue. And to Know More About Your Customers. But — Be Careful. When In Doubt — Just Don’t. Just Stop. All SaaS applications generate a lot of data about customers. I’m not talking about architectural security. I’m not even talking about basic application security, like keeping data encrypted at rest, in back-up, and in transit. Hopefully you’ll do all that. But even if you do, you’ll have some access to customer data.

Do you use that customer data to help diagnose customer problems? That seems OK if you get explicit customer permission, and ideally, have the application grant it. But make sure it’s used in the minimum possible fashion, with explicit, documented consent.

Do you use that customer data to upsell them? I don’t like this. But it seems like everyone does it. If you do it, use only the minimum data necessary (e.g., license or seat violations).

Whatever you do, do the absolute minimum for a great customer experience. It’s just not worth it. It’s not your data. It’s theirs. And you’ve been entrusted with it. Entrusted.

And it’s not even good business. As a SaaS CEO/founder/exec … what you want is Attitudinal Loyalty. You want your customers to love you. That’s where the long-term money is in SaaS. That’s where you get upsells, more purchases, more referrals, more word-of-mouth. More low cost, high ROI leads.

You don’t want customers that are prisoners, and merely Behaviorally Loyal (more on the key differences here). That’s the start of a Death Spiral. Prisoner Customers just don’t generate enough revenue growth, even if they stay.

Don’t be a Bloomberg.

——-

With that, I’ll leave you one last thought here, from a good friend, Anshu Sharma, VP of Products at Salesforce (that’s about as good as it gets here) and a pretty deep thinker on these and many other issues:

“It’s not enough to just say or write down in some rule book that you should not look at customer data. You must put controls in place to do that as if your life depended on it. Because it does!” Amen. More of his thoughts here. Read it to go deeper.